Share This

Apple Security Advisory 2017-10-05-1

macOS High Sierra 10.13 Supplemental Update is now availableand addresses the following:

StorageKitAvailable for: macOS High Sierra 10.13Impact: A local attacker may gain access to an encrypted APFS volumeDescription: If a hint was set in Disk Utility when creating an APFSencrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.CVE-2017-7149: Matheus Mariano of Leet Tech

SecurityAvailable for: macOS High Sierra 10.13Impact: A malicious application can extract keychain passwordsDescription: A method existed for applications to bypass thekeychain access prompt with a synthetic click. This was addressed byrequiring the user password when prompting for keychain access.CVE-2017-7150: Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the securitycontent of the macOS High Sierra 10.13 Supplemental Update.